Low level storage protocols, systems and methods

ABSTRACT

Communication protocols, systems, and methods that facilitate communication between disaggregated elements, and also to devices adapted to function as such disaggregated elements, particularly across peer-to-peer (masterless) and include one or more unique features such as packet atomicity, blind ACKs, NAT bridging, locking, multicast spanning and mirroring, and authentication.

This application claims the benefit of U.S. provisional application No.60/425,867 incorporated herein by reference in its entirety.

FIELD OF THE INVENTION

The field of the invention is networked devices and communicationprotocols.

BACKGROUND OF THE INVENTION

It is well known to utilize layers of communication protocol to transmitdata between devices. It is not uncommon for a protocol tasked withtransmitting data to do so by adding a header to the data to form aunit, and then passing that unit on to another protocol that isgenerally considered to be a lower level protocol. Adding a header tothe unit provided by a higher-level protocol is often referred to asencapsulating the unit. As such, it is not uncommon to talk about layersof protocols wherein units formed by higher-level protocols areencapsulated within the data portions of lower level protocols. The unitformed by a given protocol layer will often be referred to by a namethat may indicate some of the characteristics of the protocol thatformed the unit and/or of the unit formed. Such names include, but arenot limited to, “datagram”, “packet”, and “frame”.

A set of protocols adapted to cooperate with each other is oftenreferred to as a suite. One common suite of protocols is the TCP/IPsuite and includes, among others, the IP, TCP, and UDP protocols. TheInternet Protocol (IP), defined by IETF RFC791, is the routing layerdatagram service of the TCP/IP suite and is used by most of the otherprotocols within the suite to route frames from host to host. The IPheader contains routing information and control information associatedwith datagram delivery. The User Datagram Protocol (UDP), defined byIETF RFC768, provides a simple, but unreliable message service fortransaction-oriented services. Each UDP header carries both a sourceport identifier and destination port identifier, allowing high-levelprotocols to target specific applications and services among hosts. TheTransmission Control Protocol (TCP), defined by IETF RFC793, provides areliable stream delivery and virtual connection service to applicationsthrough the use of sequenced acknowledgment with retransmission ofpackets when necessary.

SUMMARY OF THE INVENTION

The present invention is directed to communication protocols and methodsthat facilitate communication between disaggregated elements,particularly across peer-to-peer (masterless) networks, and also todevices adapted to function as such disaggregated elements. Such deviceswill generally implement one or more of the methods and protocolsdescribed and will utilize network addresses to access storage areaseither within themselves or within other devices. Various embodiments ofthe protocols and methods described herein will comprise one or more ofa number of unique features. Such features include, but are notnecessarily limited to packet atomicity, blind ACKs, NAT bridging,locking, multicast spanning and mirroring, and authentication.

Packet Atomicity

Packet atomicity exists for a packet if a command contained in itsheader can be executed without having to combine the packet with anypreceding or following packets. A protocol has packet atomicity if eachpacket, or at least substantially all of the packets, transmitted viathe protocol has/have packet atomicity. A protocol having packetatomicity will typically comprise a set of commands wherein each of thecommands is autonomous and can be executed without any assumption of aprevious state. In instances where a packet is being used to transfer aportion of a larger block of data, packet atomicity can be obtained byincluding an identifier that specifies the relative position of the datain the packet within the larger block of data.

Packet atomicity is desirable as it allows the use of connectionlesscommunication between devices. As such, a higher level protocol havingpacket atomicity can be implemented on top of either a connection basedprotocol such as TCP, or a connectionless protocol such as UDP.Protocols having packet atomicity are also able to take advantage offeatures of lower level connection protocols such as the IP protocol tomake features of the protocols having packet atomicity easier toimplement and expand.

It is contemplated that a preferred method of achieving packet atomicityis to avoid any packet commands that operate on a larger block of datathan can be contained in a single packet, and by including a uniqueblock identifier in the header of each packet that affects data. It isalso contemplated that when two devices communicate that it isadvantageous to size data unit of the packet to a size equal to thesmaller of the two block sizes of the devices.

It is contemplated that limiting packet data block sizes to be equal tothe smallest physical block of a device a packet is being sent to willresult in overall performance increases by decreasing processing time atthe target even though increasing packet size has historically been apreferred method of increasing network performance.

It is also contemplated that a preferred method of communicating a blockof data to a device for subsequent manipulation by the device mayinvolve dividing the block of data into sub-blocks with the devicemanipulating the sub-blocks without first re-assembling the block orreordering the packets.

Devices utilizing preferred methods of communication may use a method ofrequesting data from a second device wherein the data on the seconddevice is physically or logically divided into sub-units, and therequestor is only able to request a single sub-unit from the seconddevice by providing a number such as a logical block address identifyingthe sub-unit requested to the storage device with the sub-unit beingtransmitted to the requestor in a single data packet.

Blind Ack

A blind ACK is an inherent acknowledgement of receipt of a packet. It iscontemplated that limiting data transfers to data blocks that fit withina single packet and including a storage location identifiercorresponding to the data block being transferred eliminates the needfor an acknowledgement packet being sent. In preferred embodiments, arequesting device will initiate a transfer by sending a packetcomprising an appropriate command and an identifier of a block of datato be transferred. If the requesting device subsequently receives atransfer packet comprising the identifier of the block of data to betransferred, no further action is taken. However, if after a time-outperiod expires the requesting device has not received such a transferpacket, it will simply re-request that the block of data be transferred.As such, the transferring device need not re-transmit data other than tosatisfy additional requests, and need not receive confirmation ofreceipt from the requesting device. In essence, the failure of therequesting device to re-request data contained in a packet serves as anacknowledgement that the packet was received.

NAT Bridging

Preferred embodiments will support NAT Bridging, the ability tocommunicate through a NAT (network address translation) bridge withoutresorting to tunneling. As such, it is preferred that a first element beable to send a packet instructing a second element to instigate a datatransfer between the second element and a third element wherein thesecond element and third element are separated by a bridge such as aNAT. As such, a preferred network comprises a protocol having a commandto instruct two peers to communicate across a bridge, particularly whenthe bridge is a NAT. In an example of a preferred method, the firstelement may be something other than a storage element with the secondand third elements being storage elements (SEs). Sending an appropriatecommand to the second element, a SE on the same side of a NAT as thefirst element, will cause the second element to initiate a data transferwith the third element, a SE on the opposite side of the NAT from thefirst element. In less preferred embodiments, the first element mayutilize the IP address of the second element in a transfer request tothe third element. In such an instance, the response by the thirdelement may be directed by the NAT to the second element rather thanback to the first element.

Locking

Preferred methods and protocols will include the ability to cause adevice transferring data to a receiving device to lock the data suchthat the transferring device prevents modification of the transferreddata until the receiving device unlocks the data.

Multicasting

Utilizing multicasting capabilities of lower level protocols (possiblywith modifications) provides the ability to implement disk redundancysuch as by mirroring and RAID operations, and to support disk spanningin a manner that is transparent to higher levels.

Authentication

Authentication provides the ability to reject inadvertent or maliciouscorruption of communication between devices such that a receiving devicecan absolutely authenticate that a particular packet came from a trustedsource and has not been corrupted while being forwarded to the receivingdevice. It is contemplated that authentication is particularly importantwhen modifying data in a device and thus some embodiments may implementauthentication only in relation to commands that cause datamodification.

A preferred method of transferring data to a target device viaencapsulated packets will utilize encapsulated data packets comprising adata block, an identifier that maps the data block to a storage locationwithin a storage area of the target device, and a token (or a set oftokens) that is used by the target device to determine whether toexecute the command. In some instances, the method will only apply whenthe command to be executed is one which will cause the target device toreplace the contents of the storage location with the contents of thedata block of the encapsulated packet. In preferred embodiments, storageareas will be allocated to particular devices and a command will only beexecuted the source of the command is the device associated with anystorage area affected by the command. In some embodiments, the targetdevice may maintain a count of commands received from a particularsource and stop executing commands after a certain number of commandshave been received from that source.

It is contemplated that tokens may be derived using a combination of atleast one of the following: MAC address of the command source, MACaddress of the target device, the storage unit identifier, and thestorage area identifier. Use of the storage unit and/or storage areaidentifier to derive the token allows a target device to verify that anysuch identifier has not been corrupted since the token was originallyderived. Acceptance of a command as being provided by a particularsource in some instance may depend in part on a calculation involving akey previously provided by the source to the target device.

It is preferred that acceptance of a particular token as authenticatingthe source of a command does not depend on prior or later acceptance ofother tokens, and that a particular token only be useable once toauthenticate a source to the target device. It is also preferred that atany given point in time, a plurality of tokens be available forauthenticating that a command was received from a particular source.

External Access of Internal Storage

Devices using external network addresses to access internal storageareas (NAIS devices) are particularly well adapted to function aselements of a disaggregated component. More specifically, preferreddevices implement a segmented storage model such that storage providedby such devices can be viewed as being divided into storage areas, andthe storage areas into storage blocks, where each storage area isassigned a network address, and each storage block within a storage areais assigned an identifier that is unique within the storage area.Network traffic addressed with any address currently assigned to astorage area of a device will be picked up by the device and processedappropriately. As such, a single network address can be used to bothroute a packet across a network to a device and within the device to aparticular storage area.

Preferred NAIS devices will have the capability of allocating storageareas and assigning both a name and a network address to any allocatedstorage area. In some instances the assigned network address will changeover time while the name remains essentially constant for a particularstorage area while the storage area remains allocated. It iscontemplated that associating a name with any allocated storage areamakes it possible to identify a storage area even if the network addressassociated with that storage area has changed since the storage area wasallocated. On preferred networks, network addresses associated withstorage areas will by dynamically assigned in a manner similar to thatused to assign network addresses to network interfaces.

Disaggregation

The methods and devices described herein are particularly advantageouswhen the devices are elements that have been moved out of componentssuch as personal video recorders (PVRs) and coupled to a network suchthat they can be shared by multiple devices. In such instances theelements, despite not having to be embedded within a component, providethe functionality of an embedded element. A “disagregated” PVR willtypically comprise a controller element and a storage element with thecontroller element communicating with the storage element via a networkconnecting the controller and storage elements, and will use networkaddresses to access data in a storage area allocated to the controllerelement.

Spanning

It is contemplated that the storage provided by a NAIS device may spanmultiple NAIS devices, particularly if the NAIS device is a storagedevice (SD), a device functioning primarily to provide storage to otherdevices. As an example, a first SD receiving a request to allocatestorage for a device may not have sufficient capacity to satisfy therequest. However, if other SD's have capacity available for use, thefirst SD can allocate storage on one or more of the other SD's in orderto satisfy the request it first received. In some instances this will bedone by the first SD controlling the other SDs such that transfersaffecting the data of the SDs always pass through the first SD. In otherinstances multicast capabilities of the network may be used such thattransfers may travel to one of the other SDs without passing through thefirst SD.

Mirroring

It is contemplated that mirroring and support for other forms ofredundancy may be provided by having a single request be received by aplurality of NAIS SDs. In some instances, a multicast IP address may beassociated with storage areas on separate SDs. Alternatively, a first SDmay be instructed to watch for packets addressed to a second SD suchthat write requests (and possibly read or other requests) sent to thesecond SD are used by the first SD to mirror the data stored on thesecond SD. In yet another alternative, broadcast packets may be used ina similar fashion as multicast packets, but this is a less preferredoption.

Various objects, features, aspects and advantages of the presentinvention will become more apparent from the following detaileddescription of preferred embodiments of the invention, along with theaccompanying drawings in which like numerals represent like components.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic view of a split-id packet.

FIG. 2 is a detailed view of the split-id packet of figure SID1.

FIG. 3 is a schematic view of an embodiment of the SID packet of figureSID1.

FIG. 4 is a schematic view of an embodiment of the SID packet of figureSID1.

FIG. 5 is a schematic view of an embodiment of the SID packet of figureSID1.

FIG. 6 is a schematic view of an embodiment of the SID packet of figureSID1.

FIG. 7 is a schematic view of a storage model utilizing multi-segmentaddresses.

FIG. 8A is a schematic view of a storage system utilizing the model ofSID4.

FIG. 8B is a schematic view of a storage system utilizing the model ofSID4.

FIG. 8C is a schematic view of a storage system utilizing the model ofSID4.

FIG. 9 is a schematic view of a storage system on an IP network.

FIG. 10A is a schematic view of a tokened packet.

FIG. 10B is a schematic view of a tokened packet.

FIG. 10C is a schematic view of a tokened packet with the token in thecontrol portion of an encapsulated packet.

FIG. 11 is a schematic view of a PSAN packet.

FIG. 12 is a schematic view of a Tokened PSAN packet.

FIG. 13 is a schematic view of a Split-ID PSAN packet.

FIG. 14 is a schematic view of a Tokened, Split-ID PSAN packet.

FIG. 15 is a schematic view of a TRANSFER packet.

FIG. 16 is a schematic view of a REQUEST packet.

FIG. 17 is a schematic view of a REQUEST LOCK packet.

FIG. 18 is a schematic view of a ACK packet.

FIG. 19 is a schematic view of a ERROR packet.

FIG. 20 is a schematic view of a RELEASE PARTITION packet.

FIG. 21 is a schematic view of a GO TRANSFER packet.

FIG. 22 is a schematic view of a GO REQUEST packet.

FIG. 23 is a schematic view of a GO REQUEST LOCK packet.

FIG. 24 is a schematic view of a FIND packet.

FIG. 25 is a schematic view of a FIND RESPONSE packet.

FIG. 26 is a schematic view of a NAME RESOLUTION REQUEST packet.

FIG. 27 is a schematic view of a NAME RESOLUTION RESPONSE packet.

FIG. 28 is a schematic view of a SET MULTICAST IP packet.

FIG. 29 is a schematic view of a RELEASE MULTICAST IP packet.

FIG. 30 is a schematic view of a SET LBA OFFSET packet.

FIG. 31 is a schematic view of a shared NAIS storage device

FIG. 32 is a schematic view of allocated storage spanning NAIS storagedevices.

FIG. 33 is a schematic view of a mirrored NAIS storage device.

FIG. 34 is a schematic view of a RAID device implemented using NAISstorage devices.

FIG. 35 is a schematic view of a PC network comprising a shared NAISdevice.

FIG. 36 is a schematic view of a home entertainment system comprisingNAIS devices.

FIG. 37 is a schematic view of a digital still and video photographysystem comprising NAIS devices.

DETAILED DESCRIPTION

As will be described in more detail further on, preferred protocols willcomprise one or more tokened packets, split-id packets (“SID packets”),or atomic packets. A tokened packet is simply a packet that includes anauthentication token. A split-id packet is a packet comprising anencapsulating and an encapsulated packet where the split-id packet alsoincludes an identifier that is split such that a portion of theidentifier is obtained from the encapsulated packet while anotherportion is obtained from the encapsulating packet. An atomic packet is apacket that is sufficiently self contained that any command it containscan be executed without having to first be combined with any data frompast or future packets. A most preferred protocol will comprise one ormore atomic, tokened, split-id packets (“ATSID packets”), i.e. packetsthat are atomic, tokened, and comprise a split-id.

Split-ID Packets

As stated above, a SID packet is a packet comprising an encapsulatingand an encapsulated packet where the SID packet also includes anidentifier that is split such that at least one segment of theidentifier is located in the encapsulated packet while at least oneother segment is located in the encapsulating packet. Referring to FIG.1, SID packet 100 comprises a split-id (“SID”) 130. In many embodiments,both the encapsulating and encapsulated packets will comprise controlportions, and the SID segments will be located in those controlportions. Referring to FIG. 2, SID packet 200 comprises a controlportion 210 and a data portion 220 comprising a packet 250. Packet 250comprises control portion 260 and data portion 270 with segments 231 and232 of SID 130 being split between control portion 210 and controlportion 260.

It should be noted that a SID may comprise more than two segments. Asillustrated in FIG. 3, SID 130 may comprise two or more segments incontrol portion 310 and a single segment in control portion 350. Asillustrated in FIG. 4, SID 130 may comprise two or more segments incontrol portion 450 and a single segment in control portion 410. Asillustrated in FIG. 5, SID 130 may comprise two or more segments in bothcontrol portion 510 and control portion 550. SID 130 may also be splitamong more multiple encapsulated packets. As illustrated in FIG. 6, SID130 comprises at least three segments split among the control portionsof at least three packets, with at least one segment located in each ofthe at least three packets.

SID packets may be advantageously used for communication between twodevices that implement a storage model that in which multi-segmentaddresses identify storage locations. Such a storage model is depictedin FIG. 7. In FIG. 7, a storage system 700 is divided into storage areas710-740, and each storage area is divided into storage blocks (1-3 inarea 710, 1-4 in area 720, 1-2 in area 730, and 1-3 in area 740). In themodel of FIG. 7, any particular storage block can be identified with asingle address comprising two segments, a storage area segment and astorage block segment. One method of notating an address comprisingsegments X and Y is to write it in the form (X, Y). As such, block 711would be identified by the address (41, 1), block 713 by address (41,3),and block 743 by address (44,3). When SID packets are used inconjunction with such a model, the SID may be equated to themulti-segment address. In a preferred embodiment the storage areasegment would be located in the control portion of the encapsulatingpacket and the storage block segment would be located in the controlportion of the encapsulated packet. As such, the notation used hereinfor multi-segment addresses could also be used for split-IDs.

It should be noted that in some embodiments model 700 will be closelytied to the physical structure of the storage device, while in otherembodiments model 700 may simply be a logical constructs imposed on asystem having a totally dissimilar structure. As an example of a closelytied implementation, model 700 may be used to describe the storage spaceof a single hard disk with storage areas 710-740 being partitions on thehard disk. In such an implementation the storage area segment of asplit-ID identifying a block would likely be a partition identifier, andthe storage block segment would likely be a logical block addressassigned to the block within the partition. In less closely tiedimplementations, storage area 700 may comprise storage provided by aplurality of separate devices located in separate locations such as astorage network that includes multiple storage devices coupled togetherby a wide area network. The actual physical structure of storage deviceimplementing a multi-segment storage model is generally not a concern solong as it supports multi-segment addressing and may thus advantageouslyuse split-ID packets to communicate.

The use of SID packet is particularly advantageous when the storagemodel is implemented in a storage system coupled to a network, eachstorage area is assigned a network address, and the storage system isadapted to examine packets comprising network addresses assigned tostorage areas within the storage system. As shown in FIG. 8, storagesystem 800 is coupled to network 890 via network interface 801. Thestorage provided by system 800 comprises allocated areas 810B and 810D,and unallocated areas 810A, 810C, and 810E. Network interface 801 isassigned network address 50. Storage area 810B is assigned networkaddress 51. Storage area 810D is assigned network address 52. Storageblock 821 is identified by the ID (51,1), block 822 by ID (51,3), block823 by ID (52,1), and block 824 by ID (52,2). Thus, storage system 800is assigned three network IDs, two of which are assigned to storageareas. Any packet having a destination address of 50, 51, or 52 shouldbe examined by system 800 with packets addressed to addresses 51 and 52being used to manipulate the contents of storage areas 810B and 810Drespectively. In alternative embodiments, a storage system may comprisemultiple connections to a network as shown in FIGS. 8B and 8C. In 8B,system 800B is coupled to network 890B via network interfaces 802A and802B. Network address 50 is a assigned to interface 802A, address 51 to802B, and address 53 to allocated storage area 810F. Block 825 isidentified by ID (53,1) and block 826 by ID (53,2). In 8C, system 800Cis coupled to network 890C via network interfaces 803A, 803C, and 803Cand has three allocated storage areas, 810G, 810H, and 810J and sixnetwork addresses 50-55. Network address 50 is assigned to interface803A, 52 to 803B, 54 to 803C, 51 to storage area 810J, 53 to storagearea 810H, and 55 to 810G. It should be noted that in FIG. 8C there is aone network interface for each network storage area. Although such anembodiment is a less preferred one, in such an instance a single addressmay assigned to each combination of interface and storage area such thataddresses 51, 53, and 55 are not needed.

It should be noted that the storage systems 800A, 800B, and 800C usesnetwork addresses to access internal storage areas. Devices usingnetwork addresses to access internal storage areas (NAIS devices) arenot limited storage systems and devices. As an example, a NAIS devicesuch as a digital camera may simply comprise internal memory that isbeing made accessible to other devices. Although it contains storage,the primary purpose of digital camera is not to provide storage to otherdevices and, because of the limited amount of memory it has, wouldtypically not function well in that capacity. However, if the camera isa NAIS device, another device may be able to access and/or manipulatethe contents of the storage within the camera sing the methods describedherein.

It is currently contemplated that the use of SID packets is mostadvantageous when the storage model is implemented in a NAIS device suchas a storage system coupled to an IP network, and the network addressesassigned to storage areas are IP addresses. In FIG. 9 storage system 900comprises network interface 901 and allocated storage areas 910A and910B, and is coupled to IP network 990. Network interface 901 isassigned MAC address 00:0A:B1:01:FC:22 and IP address 3.3.3.3. Storagearea 910A has been assigned IP address 3.3.3.4, and are 910B address3.3.3.5. Storage block 911 is identified by the ID (3.3.3.4, 1), andblock 914 by ID (3.3.3.4,4). For storage devices stored on IP networksthe network address of the network interfaces and/or the storage areasmay be dynamically allocated. As an example a network address serversuch as a DHCP server can be used to dynamically allocate IP addresses.

In some instances, a storage model may comprise three or more levels ofsegregation and use an ID comprising three or more segments to identifya particular storage block. In such instances, if the network supportsan addressing hierarchy, that hierarchy may be partially or fullyapplied to identify blocks in a similar fashion. As such, a devicecoupled to a network on which IP and UDP packets are used might assignIP addresses to sets of storage areas and UDP port numbers to eachstorage area within a set of storage areas. Alternatively, a single IPaddress might be viewed as comprising four segments, each segmenthelping to identify a particular storage area in a similar fashion tohow TP addresses may be used to identify devices within subnets.

In some embodiments the portions of a protocol that relate to split-IDpackets act as extensions to the protocol of the encapsulating packet asa split-id requires that the control portions of both the encapsulatingand encapsulated packets be available to determine the value of thesplit-id. This is particularly true when the control portions of packetsare implemented as headers and are followed by the data portion of thepacket such that the header of the encapsulated packet immediatelyfollows the header of the encapsulating packet. It is contemplated thatin some embodiments a multi-segment address may be used to identifystorage locations where the multi-segment address is part of the controlportion of a single packet such as an IP packet. As such, the samememory model and multi-segment addressing may be implemented by addingthe storage block identifier to the header of an IP packet where thedestination address portion of the IP header is an IP address assignedto a storage location.

Tokened Packets

As stated above, a tokened packet is simply a packet that includes anauthentication token where an authentication token is a value or set ofvalues used to authenticate the source of the packet and/or at leastsome of the contents of the packet. FIG. 10A illustrates a tokenedpacket 1000A comprising token 1040. FIG. 10B illustrates a tokenedpacket 1000B comprising at least two token segments 1041 and 1042. Inpreferred embodiments, the token will be part of the control portion ofan encapsulated packet as shown in FIG. 10C. In FIG. 10C packet 1000Ccomprises control portion 1010 and data portion 1020. Data portion 1020comprises an encapsulated packet having a control portion 1030 and adata portion 1035, and token 1040C is positioned within control portion1030.

It is preferred that authentication tokens be generated using one ormore algorithms and/or data values in a manner likely to preventunauthorized devices from generating tokens that will cause invalidpackets to be accepted as valid. Invalid packets are packets originatingat a source other than a source identified in a token (“false packets”),or comprising data values that appear to have been provided by thesource but that are not values included in the packet by the sourceidentified in the token (“corrupted packets”). In some embodimentstokens may be an encrypted set of data that is decrypted using a keypreviously provided by the source. In other instances portions of thepacket being validated may be used as a key for decrypting the token. Itshould be noted that other encryption mechanisms or unencrypted tokensmay also be used. As an example, in a less preferred embodiment a tokenmay simply comprise an unencrypted data string that a device receiving apacket has been told to associate with a source device. If the tokenmatches the data string previously provided to the destination device,the packet is accepted as valid.

Atomic Packets

As stated above, an atomic packet is a packet that is sufficiently selfcontained that any command it contains can be executed without having tofirst be combined with any data from past or future packets. Atomicityis obtained herein by limiting data transfers to single storage blocksand including a position identifier in any packet used to transfer astorage block.

ATSID Packets

As stated above, an ATSID packet is a packet that is atomic, tokened,and comprises a split-id, and the prior discussions relating to atomic,tokened, and split ID packets generally apply to ATSID packets. It iscontemplated that ATSID packets are particularly advantageous whenapplied to data transfer packets such as those that comprise a commandinstructing a device to replace the contents of a data block with thecontents of the data portion of the packet, or packets generated inresponse to a request for data from another device. In either instanceit is preferred that an ATSID packet be used to transfer the data. Asdescribed in relation to the preferred embodiments above, an ATSIDpacket will comprise a first packet encapsulating a second packetwherein a token is included in the control portion of the encapsulatedpacket and a multi-segment address is split between the control portionof the encapsulating packet and the control portion of the encapsulatedpacket.

PSAN Protocol

A preferred storage area network (“SAN”) protocol comprises combinationsof ATSID packets, tokened packets, split-ED packets, and also comprisesthe features described above such as packet atomicity, blind ACKs, NATbridging, locking, multicast spanning and mirroring, and authentication.Referred to herein as the “PSAN protocol”, it is preferred that the PSANprotocol comprise several sub-protocols such as a Block Transferprotocol, and a Name Resolution Broadcast Protocol. The PSANsub-protocols can be viewed as sets of rules to be applied in theformation and interpretation of packets as well as the software and/orhardware used by a particular device to carry out those rules whencommunicating with other devices. In some instance a device mayimplement only a subset of the PSAN sub-protocols.

The PSAN protocol is preferably implemented in a fashion wherein packets1100 (see FIG. 11) formed in accordance with the PSAN protocol (“PSANpackets”) comprise a control portion 1110 and possibly a data portion(data portion 1120 in the embodiment of FIG. 11), the control portion1110 being implemented as a header followed, if applicable, by the dataportion 1120. The control portion of each PSAN packet comprises acommand 1101 that identifies the format of the rest of the controlportion of the packet and the function of the packet. In preferredembodiments, the command value comprises the first bits of a packet,and, more preferably, the first byte (8 bits) of the packet, butalternative embodiments may position the command value differently.

In some instances, the command 1101 may be said to be “executed” in thata receiving device will evaluate the value of the command and, based onthat value, execute an equivalent instruction or set of instructions. Assuch, a packet may be referred to as a command as it is treated as acommand to a receiving device to take a particular action or set ofactions.

As the format of the control portion of a particular packet can bedetermined based on the command value it contains, the contemplatedformats described herein will be referred to by reference to thecorresponding command value, or, more accurately, the name assigned tothe corresponding command value. The following table (Table 1)identifies preferred values for a preferred set of commands:

TABLE 1 Command Value Value Value Name (Decimal) (Hex) (Binary) TRANSFER1 01 0000 0001 REQUEST 2 02 0000 0010 REQUEST 3 03 0000 0011 LOCK ACK 404 0000 0100 ERROR 8 08 0000 1000 RELEASE 15 0F 0000 1111 PARTITION GO17 11 0001 0001 TRANSFER GO REQUEST 18 12 0001 0010 GO REQUEST 19 130001 0011 LOCK FIND 128 80 1000 0000 FIND 128 81 1000 0001 RESPONSE NAME144 90 1001 0000 RESOLUTION REQUEST NAME 145 91 1001 0001 RESOLUTIONRESPONSE SET 9 09 0000 1001 MULTICAST IP RELEASE 10 0A 0000 1010MULTICAST IP SET LBA 11 0B 0000 1011 OFFSETIt is contemplated that some embodiments of the PSAN protocol mayconsist essentially or entirely of the commands listed in table 1although the actual values for the commands may differ from those shown.

A majority of the PSAN packets will be tokened and/or split-ID packetsas shown in FIGS. 12-14. In FIG. 12, a packet 1200 comprises a command1201, and an authentication token 1202. In preferred embodiments, token1202 comprises and ASCII 1202A followed by a delimiter 1202B. In FIG.13, a packet 1300 comprises a command value 1301 and a segment of asplit-ID 1303. In FIG. 14, a packet 1400 comprises a command value 1401and both a token (1402A and 1402B) and a segment of a split-ID 1403:

In preferred embodiments, PSAN packets will be encapsulated within lowerlevel protocol packets such as IP-UDP or IP-TCP packets, and a secondsegment of any PSAN split-ID packet will comprise the network address ofthe encapsulating packet. In a most preferred embodiment, the secondsegment of a split-ID packet will comprise the destination IP-address ofan encapsulating IP packet.

In preferred embodiments the storage blocks of a storage area of adevice will be sequentially numbered in a manner similar to the use oflogical block addresses (“LBAs”) in disk partitions, and the segment1403 will comprise the equivalent of the LBA of the storage block withinits storage area. As such, segment 1403 may be referred to herein as a“LBA”, but in such instances it should be kept in mind that segment 1403may be any identifier that, in conjunction with a segment found in anencapsulating packet, uniquely identifies a storage block. Since thenetwork address will, in preferred embodiment comprise and IP-address,the segment of a split-ID found in an encapsulating packet may bereferred to herein as an IP-address, but it should be kept in mind insuch instances that the segment located in an encapsulating packet maybe any identifier that, in conjunction with segment 1403, uniquelyidentifies a storage block.

PSAN Protocol—Block Transfer

The PSAN Block Transfer protocol consists essentially of a TRANSFERcommand, a REQUEST command, a REQUEST LOCK command, a RELEASE PARTITIONcommand, an ACK command, and an ERROR command. In preferred embodiments,the PSAN Block Transfer protocol will also comprise a corresponding setof “GO” commands that are used to cause another device to transmitTRANSFER, REQUEST, and REQUEST LOCK commands to a third device. The GOcommands are GO TRANSFER, GO REQUEST, and GO REQUEST LOCK. Embodimentsthat support multicast will also comprise a SET MULTIPCAST IP command, aRELEASE MULTICAST IP command, and a SET LBA OFFSET command. In preferredembodiments, the value of each command will correspond to the values ofTable 1.

A preferred TRANSFER packet 1500 comprises, as shown in FIG. 15, both acontrol portion 1510 and a data portion 1520. The control portioncomprises a command 1501, token (1502A and 1502B) and an LBA 1503. TheTRANSFER packet is used to transfer data either as a “write” to adevice, or to respond to a REQUEST packet. Encapsulated PSAN TRANSFERpackets are ATSID packets as they contain a token, a split-ID, and areatomic as the command of the packet is applied only to data containedwithin data portion 1520 of the packet making TRANSFER packets ATSIDpackets.

Whether generated as an initial write or as a response to a request,executing a TRANSFER command has the same effect, i.e. replacing thecontents of a storage location on the receiving device with the contentsof the data portion 1520 of the packet. A PSAN TRANSFER command ispreferably limited to a single storage location, and to include all thedata affecting that storage location. As such, the TRANSFER command doesnot depend on any other packets for execution. Transfers involvingmultiple storage blocks, even if the blocks are sequential, areaccomplished through the use of multiple transfer commands/packets, onepacket per storage block.

When a TRANSFER command is sent from a first device to a second deviceit is advantageous to size data portion 1520 to be equal to the smallerof the two block sizes of the devices. Limiting packet data block sizesto be equal to the smallest physical block of a device a packet is beingsent to will often result in overall performance increases by decreasingprocessing time at the target even though increasing packet size hashistorically been a preferred method of increasing network performance.In instances where the physical block size differs between twocommunicating devices, communicating a block of data to a device forsubsequent manipulation by the device may involve dividing the block ofdata into sub-blocks with the device manipulating the sub-blocks withoutfirst re-assembling the block or reordering the packets.

It should be noted that the data portion of the transfer back is sizedsmaller than the maximum allowable size for a data packet wouldotherwise permit. Decreasing the data block size may result in increasedperformance by eliminating processing on either one or both thetransferring a receiving device, and/or eliminating time spent waitingfor additional packets to be received.

In a preferred embodiment a TRANSFER command comprising a “0” value LBAis used to allocate a storage area to a device, the storage area beinggenerally reserved to a device (a “client”) until the device issues aRELEASE PARTITION command. Once allocated a storage area is preferablyinaccessible to any device that cannot provide a token authorizing itsaccess such that a device requesting that a storage area be allocatedcontrols access to the allocated partition. In some instances allocationneed not require a validation of the source of the packet and as such,the token may comprise a NULL value. In preferred embodiments, the dataportion of the TRANSFER command being used to allocate a storage areawill comprise a Name, Token, ID Character String, Authentication Tags,Partition Size, and Personality Tags.

The Name is preferably a character string or other unique identifier tobe associated with an allocated storage area in addition to anyassociated IP Address. It is preferred that IP addresses by dynamicallyallocated to storage areas. As such, accessing a storage area willgenerally first required identifying the IP address associated with thatstorage area. By specifying a Name when requesting allocation of astorage area, the specified name can be used at a later time todetermine the IP address associated with that storage area even if theIP address is not the IP address originally associated with the storagearea.

The token is a token as previously described in regard to tokenedpackets. The ID Character String is a public partition name that is usedto provide descriptive tect in allocation status responses. TheAuthentication Tags are a set of tags used to define the type ofauthentication to be enforced on the allocated storage area. ThePartition Size is simply the amount of storage that a device isrequesting be allocated. The Personality Tags are a set of values thatestablish various options provided by a storage device for an allocatedstorage area such as write-once partitioning or bandwidth allocation.

A preferred REQUEST packet 1600 comprises, as shown in FIG. 16, acontrol portion 1610. The control portion comprises a command 1601,token (1602A and 1602B) and an LBA 1603. A REQUEST command is used by asending device to request that a receiving device transfer the contentsof the data block identified by the LBA and the IP address provided asthe destination address of the encapsulating IP packet be transferred tothe requesting/sending device. A device receiving a REQUEST packetresponds with a TRANSFER packet.

It should be noted that receipt of a TRANSFER packet comprising the sameLBA as a REQUEST packet acts as an acknowledgement that the REQUESTpacket was received. Similarly, the device that received the REQUESTpacket and sent the TRANSFER packet need not receive an ACK packet fromthe source of the REQUEST as failure to receive a requested packet canbe dealt with by re-sending the REQUEST packet. As such, in preferredembodiments a REQUEST will be resent if a corresponding TRANSFER packet(i.e. having the same LBA) is not received within some time period.

In a preferred embodiment a REQUEST command comprising a “0” value LBAis used request that a device report is capabilities. In preferredembodiments any response to such a request will comprise one or more ofthe following: Version, Total Capacity, Available Capacity, Speed,Reliability, Portability, and QoS Capability. In some instances statusrequests need not require a validation of the source of the packet andas such, the token may comprise a NULL value.

In a preferred embodiment a REQUEST command comprising a “1” value LBAand a NULL token is used to request that a device report thecharacteristics of a storage area. In preferred embodiments any responseto such a request will comprise one or more of the following: IDCharacter String, and Size where the Size is the size of the allocatedstorage area and the ID Character String is the public character stringprovided as part of the allocation request.

A preferred REQUEST LOCK packet 1700 comprises, as shown in FIG. 17, acontrol portion 1710. The control portion comprises a command 1701,token (1702A and 1702B) and a LBA 1703. Receipt of a REQUEST LOCK packetinstructs a device to both transfer the contents of a particular storageblock (as with a REQUEST packet), and to “lock” its contents, i.e. toprevent any subsequent access to the storage block until a TRANSFERcommand is received from the device that requested the lock, or untilafter a time out occurs. If a subsequent request from the samerequesting device for the same storage block is received, any timercounting down the time out period is reset such that the second requestessentially initiates a new lock request. In some instances a lock maybe released by a subsequent receipt of a REQUEST (not a REQUEST LOCK)command for the same storage block from the device that requested thelock. In some instances a REQUEST LOCK may lock an entire storage areaand not just a single storage block.

A preferred ACK packet 1800 comprises, as shown in FIG. 18, a controlportion 1810. The control portion comprises a command 1801, and a LBA1803. This command acknowledges a successful transfer and need only beused when a TRANSFER command is not issued in response to a REQUESTcommand. In such instances receipt of a TRANSFER command is essentiallyand instruction to write the contents of the data portion of the packetinto the identified storage block. Once that process is complete, an ACKmessage can be sent to the source of the TRANSFER command to communicatethat the command has been executed.

A preferred ERROR packet 1900 comprises, as shown in FIG. 19, a controlportion 1910. The control portion comprises a command 1901, a LBA 1903,and an error message 1904 that comprises an error code 1904A, a textmessage 1904B, and a delimiter 1904C. An ERROR packet is used toindicate that a requested operation could not be completed for somereason and is generally sent in place of an ACK or a TRANSFER command inresponse to a REQUEST or a TRANSFER command. The following errormessages may advantageously be implemented in any preferred embodiment:

TABLE 2 Code Code Code Text (Decimal) (Hex.) (Binary) InvalidAuthorization 1 01 0000 0001 Partition has locked 2 02 0000 0010 you outGo Command had an 4 04 0000 0100 Invalid Authorization as to thedestination Go Command was 8 08 0000 1000 locked out of partition at thedestination LBA is out of Range 16 10 0001 1010 LBA is Write 32 20 00100100 ProtectedIn some instances an embodiment of the PSAN protocol may consistessentially, or possibly only, of the messages listed in Table 2.

A preferred RELEASE PARTITION packet 2000 comprises, as shown in FIG.20, a control portion 2010. The control portion comprises a command 2001and a token (2002A and 2002B). The RELEASE PARTITION command willgenerally be issued by a device that previously requested that apartition be allocated using a TRANSFER COMMAND as described above.Executing a RELEASE PARTITION command will generally involve erasing anydata contained in the storage area, releasing the LP address associatedwith that storage area, and otherwise making the storage blocks withinthe storage area available for future allocation.

It is preferred that one device be capable of requesting data transfersto occur between two other devices, even those separated by a bridgesuch as a NAT bridge. As such, preferred embodiments will comprise “GO”versions of the TRANSFER, REQUEST, and REQUEST LOCK packets where the GOversions of the packets are adapted to provide the information a 2″^(d)device would require to initiate a transfer with a 3^(rd) device.

A preferred GO TRANSFER packet 2100 comprises, as shown in FIG. 21, acontrol portion 2110 and a data portion 2120. The control portioncomprises a command 2101, a token (2102A and 2102B), a split-ID segments2103, 2105, and 2107, and a second token 2106. The split-ID segments2103 and 2107 are LBAs, and the segment 2105 is an IP address of astorage area on a third device to be used with LBA 2107 to identify astorage block on the third device. LBA 2103 is coupled with thedestination IP address of the GO TRANSFER packet to identify a storageblock within a particular storage area on a 2″^(d) device that receivesthe GO TRANSFER packet. Upon receipt of a GO TRANSFER packet from a1^(st) device, a 2^(nd) device sends a TRANSFER command that essentiallywrites the contents in the block identified by LBA 2103 to the blockidentified by IP address 2105 and LBA 2107, with the second token 2106authorizing such a write.

A preferred GO REQUEST packet 2200 comprises, as shown in FIG. 22, acontrol portion 2210. The control portion comprises a command 2201, atoken (2202A and 2202B), a split-ID segments 2203, 2205, and 2207, and asecond token (2206A and 2206B). The split-ID segments 2203 and 2207 areLBAs, and the segment 2205 is an IP address of a storage area on a thirddevice to be used with LBA 2207 to identify a storage block on the thirddevice. LBA 2203 is coupled with the destination IP address of the GOREQUEST packet to identify a storage block within a particular storagearea on a 2^(nd) device that receives the GO REQUEST packet. Uponreceipt of a GO REQUEST packet from a 1^(st) device, a 2^(nd) devicesends a REQUEST command requesting that the block identified by IPaddress 2205 and LBA 2207, with the second token (2206A and 2206B)authorizing such a request, be transferred to the 2^(nd) device whichwill use the transferred data to replace the contents of the blockidentified by LBA 2203 and the destination IP address of the GO REQUESTpacket.

A preferred GO REQUEST LOCK packet 2300 comprises, as shown in FIG. 23,a control portion 2310. The control portion comprises a command 2301, atoken (2302A and 2302B), a split-ID segments 2303, 2305, and 2307, and asecond token (2306A and 2306B). This packet is used in the same fashionas a GO REQUEST packet but provides the additional features found in aREQUEST LOCK command as previously described.

A preferred SET MULTICAST IP packet 2800 comprises, as shown in FIG. 28,a control portion 2810 comprising a command 2801, a token (2802A and2802B), and a multicast IP address (or some other form of multicastaddress) 2809. This packet is used to instruct a device that it shouldassociate the specified multicast IP address with an allocated storagearea such that packets such as TRANSFER and TRANSFER REQUEST packetscomprising the assigned multicast address can access the storage areaassociated with the multicast address. In some instances setting amulticast IP address will prohibit the use of a unicast IP address toaccess a storage area associated with a multicast IP address. In otherinstances a storage area may be associated with both a unicast and amulticast IP address such that either address can be used to access datacontained in the storage area. Upon receipt of a SET MULTICAST IP packeta device will likely issue an JP Group Management Protocol (IGMP) Joinmessage and will subsequently respond to IGMP Queries.

A preferred RELEASE MULTICAST IP packet 2900 comprises, as shown in FIG.29, a control portion 2910 comprising a command 2901, a token (2902A and2902B), and a multicast IP address (or some other form of multicastaddress) 2909. A device receiving this packet will disassociate thespecified multicast IP address from any partition it was previouslyassociated with.

A preferred SET LBA OFFSET packet 3000 comprises, as shown in FIG. 30, acontrol portion 3010 comprising a command 3001, a token (3002A and3002B), and an LBA offset 3009. This command is used to set a LBAstarting address for a storage area. Thus, where the lowest value LBAsfor a storage area might otherwise be one, after receipt of this packetit would be the offset value specified.

The use of multicasting, particularly IP multicasting and the IGMPprotocol as facilitated by the SET MULTICAST IP and RELEASE MULTICAST IPpackets previously described, is particularly advantageous when tryingto implement storage area mirroring. To mirror a first storage area ontoa second storage area simply requires that both storage areas beassociated with a common multicast address via the SET MULTICAST IPcommand. Subsequent TRANSFER commands made using that address willresult in updates of the data contained in both storage areas.

The use of multicasting also advantageous when a storage device receivesa request to allocate more storage than it has available. In such aninstance the storage device can satisfy the request by providing therequesting device access to a virtual storage area that spans devices,in essence providing a plurality of storage areas to satisfy therequest. In such an instance, the partitions to be used to satisfy therequest can all be assigned a multicast IP address, and all but one canbe assigned an LBA offset (via the SET LBA OFFSET command). The storagedevices comprising the allocated partitions would then examine the LBAof any packets received via the multicast address, and if the LBA of thepacket was in the range of LBAs assigned to a storage area it contained,use the packet as it was intended.

PSAN Protocol—Broadcast Name Resolution

A preferred FIND packet 2400 comprises, as shown in FIG. 24, a controlportion 2410 comprising a command 2401. This packet is issued as abroadcast request by a requesting device looking for the IP address ofeach accessible storage area. Any device receiving such a broadcastpacket that comprises an allocated storage area should respond with oneor more FIND RESPONSE packets with one FIND RESPONSE packet being sentby a device for every allocated storage area on that device.

A preferred FIND RESPONSE 2500 packet comprises, as shown in FIG. 25, acontrol portion 2510 comprising a command 2501 and a IP Address 2508. IPAddress 2508 is the IP Address assigned to a particular storage area.

A preferred NAME RESOLUTION REQUEST packet 2600 comprises, as shown inFIG. 26, a control portion 2610 comprising a command 2601 and a name2609. Any device comprising an allocated storage area assigned with thename 2609 should respond with a NAME RESOLUTION RESPONSE packetcomprising the IP address currently associated with the storage area. Asa result, a device that requested that a storage area be allocated canobtain the current IP address associated with that name by issuing aNAME RESOLUTION REQUEST with the name specified with the request toallocate the storage area.

A preferred NAME RESOLUTION RESPONSE packet 2700 comprises, as shown inFIG. 27, a control portion 2710 comprising a command 2701, a name 2709,and an IP address 2708. A NAME RESOLUTION RESPONSE packet is issued inresponse to a NAME RESOLUTION REQUEST as described above.

PSAN Protocol—Authentication

It is preferred that embodiments of the PSAN protocol support at leastfour, and in some instances at least five, levels of packetauthentication such that a device implementing a PSAN protocol maychoose one of at least six levels of security. As described herein level0 equates to the lowest level of authentication and level 5 to thehighest level of authentication. All preferred embodiments will supportat least levels 0-2.

A device operating at Level 0 would accept any request from any source.

A device operating at Level 1 rejects packets that affect a storage areaand are obtained from any source that is not the client that originallyallocated storage area. Such a rejection must rely on the sourceidentifiers contained in a received packet such as the source MAC or IPaddress contained in the packet. Use of MAC validation provides asignificant level of hardware protection within a network interface card(NIC) from IP spoofing but limits flexibility as only the client will beable to access an allocated storage area. Even where access by a singledevice is desirable, replacement of that device will cause data lossunless a mechanism for transferring a MAC address is available. IPvalidation often provides less protection against spoofing as the sourceIP address of a packet may be more readily manipulated, but allows forsimpler sharing of allocated storage areas. Unfortunately, givensufficient access to the hardware and software coupling a devicespoofing of both MAC and IP addresses is possible.

A device operating at Level 2 uses rotating keys to reject accidental ormalicious packets from clients who do not have the synchronization seedfor the rotating key. The rotating key is a special class of keys whichallow the receiver of the packets to provide a variable window of validrotating packet keys. Once used no packet key may be used again within asingle synchronization. Rotation of the keys within the sliding windowoccurs as each packet is acknowledged or timed out. The window nature ofthis schema addresses IP's unique variable time-of-flight and out oforder packet flexibility. Synchronization of the receiver's rotating keywindow is maintained as an average moving window where the valid packetsreceived are used to calculate the position of the receiver's window.

The use of systolic processing of the packet keys allows the client tocontrol the length of the key and therefore the maximum instantaneousprocessing burden required to authenticate packet keys. Authenticationis further accelerated by using the packet LBA to index into a muchsmaller group of keys within the sliding window.

Level 2 Rotating Key packet validation provides arguably greaterprotection than Level 0 or Level 1 while at the same time providinggreater flexibility to share data among clients. It also addresses thespecial case security issues encountered in multicast packets.

New windows are created each time a client with a unique MC or IPperforms a synchronization. Each unique authorization window can beconfigured independently in regard to window size, time-of-life and keylength. Unused windows are released when they remain unused beyond theirtime-of-life. It should be noted that multicast receivers will each havetheir own window but that the parameters of the window will be identicalamong all members of the multicast.

Optimally the rotating key would be placed at the end of the packet sothat all data is guaranteed to have been received before the valid key.This prevents malicious or accidental corruption of the data within avalid packet sent by a valid client.

A device operating at Level 3 uses rotating key and hardware MAC toreject accidental or malicious packets from clients who do not have thesynchronization seed for the rotating key and are not the originatingclient.

Level 3 Rotating Key with the added hardware packet validation providesarguably the greatest protection from accidental and or malicious accessto a device. The added level of security over Level 2 comes at the costof sharing access among devices. This level of security is envisionedprimarily for high security access between two devices.

A device operating at Level 4 adds Data Authentication Coding (DAC) toLevels 0-3 of the transport mechanism to allow the receiver to verifythat the LBA and data have not been accidentally or maliciously modifiedin the process of transport. It is contemplated that any known or laterdeveloped DAC algorithms may be used for this purpose.

A device operating at Level 5 adds encryption of the LBA to Levels 0-4.Level 5 operations require that the LBA of a packet be encrypted throughuse of an algorithm in a manner similar as for Levels 3 and 4.Encrypting the LBA denies potential malicious sources from snooping LBAhistograms to help focus an attack on sensitive areas of a storage areasuch as a portion used to store file system directories. The LBA shouldbe encrypted using a different key and algorithm than that used for therotating authorization key. The use of different algorithms, seeds, andkeys helps prevent malicious clients from statistically decoding theauthorization key using known LBA access patterns.

NAIS Storage Systems

Referring to FIG. 31, a NAIS storage system 3110 among a plurality ofdevices 3121-3124 coupled via a wireless network. Storage system 3110comprises a plurality of allocated storage areas 3111-3114, each storagearea being assigned an IP address and a name, and NAIS 3110 also beingassigned an IP Address (sometimes referred to as the “Root IP”). NAISstorage systems are preferably adapted to handle each of the commandpackets of the PSAN protocol in the following manner.

A client device wishing to obtain additional storage will first identifya NAIS storage device on the network and will then send a TRANSFERrequest requesting that a certain amount of storage be allocated. TheNAIS device will respond to the request by allocating the requestedamount of storage (possibly in cooperation with other NAIS devices),obtaining an IP address to be associated with the storage, andassociating both the obtained IP address and the name provided by theclient with the storage. If the NAIS storage device is subsequentlypowered down or otherwise temporarily removed from a network, it willrequest replacement IP addresses when reconnected to a network. As IPaddresses, may change over time, NAIS storage systems are also adaptedto respond to NAME RESOLUTION REQUEST commands to allow devices toobtain the current IP addresses through the use of the names associatedwith allocated storage areas. NAIS storage devices are also adapted torespond to FIND requests in the manner previously described.

A client device requesting to write data to an allocated storage area ofa NAIS storage device will send a TRANSFER packet comprising a split-IDmade up of the IP address associated with the storage area and an LBAidentifying a block within the storage area. The NAIS storage devicewill, upon receipt and authentication of the packet, replace thecontents of the storage block identified by the split-ID with the dataportion of the received TRANSFER packet and will subsequently send anACK packet notifying the client that the transfer occurred withouterror, or an ERROR packet indicating that an error occurred during thetransfer.

A client device desiring to obtain data from an allocated storage areaof a NAIS storage device will send a REQUEST packet comprising asplit-ID made up of the IP address associated with the storage area andan LBA identifying a block within the storage area. The NAIS storagedevice will, upon receipt and authentication of the packet, respond witha TRANSFER packet containing the contents of the requested block, or anERROR packet indicating why the transfer could not be completed. If theclient device desires to prevent modification of the requested block ofdata after it is transferred, the client can use a REQUEST LOCK packetin place of a REQUEST packet.

In general, NAIS storage systems should be adapted to preventunauthorized access to allocated storage areas, and to implement atleast one of the authentication levels described herein. When anallocated storage area is not needed anymore, the client can send aRELEASE PARTITION command. The NAIS devices will respond to such acommand by erasing the contents of the storage area and then making thereleased storage available for subsequent allocation. The contents of anallocated storage area should never be accessible to any client withoutauthorization from the allocating client. In preferred embodiments aNAIS device will be unable to access the contents of a storage areawithout authorization from the allocating client, and recover of storagefrom an allocated partition can only be achieved upon receipt of anauthorized RELEASE PARTITION command, or by getting rid of all of theallocated storage areas of a NAIS storage device.

Storage Systems that Span Devices

In FIG. 32, a client 3210 and NAIS storage devices 3221 and 3222 arecoupled to a network 3230. Client 3210 originally requested NAIS 3221for an allocation of storage space in excess of the space available onNAIS 3221. As such, NAIS 3221 in turn requested that the space it couldnot provide be provided by NAIS 3222. The fact that the storage space3223 allocated spans NAIS devices is essentially transparent to client3210 as the only indication it may have that such spanning occurred isif it sees that the IP address returned by NAIS 3221 is a multicast IP.Although multicasting is the preferred method for implementing spanning,methods applicable to non-NAIS storage devices can generally also beimplemented via NAIS storage devices.

Storage Systems that are Mirrored

In FIG. 33, a client 3310 and NAIS storage devices 3321 and 3322 arecoupled together via network 3330. In the system shown, client 3310 usesa multicast IF address to communicate with both NAIS 3321 and 3322. Theinitial allocation of storage areas on both NAIS devices may be done byclient 3310 requesting allocation of space on both devices and thensetting a multicast IP address to be used to access each of theallocated storage areas. Alternatively, NAIS 3321 may be configured suchthat, any request for allocation of storage space results in acorresponding request from NAIS 3321 to NAIS 3322, and a multicast IPaddress being returned from NAIS 3321 to client 3310.

RAID Storage Systems

The methods described above in regard to mirroring and spanning can beutilized to develop RAID (Redundant Array of Independent Disks) storagesystems. In some embodiments, the RAID system will comprise devices thatare individually accessible across a network. In other instances a RAIDsystem may comprise a dedicated network coupling NAIS devices to acontroller that makes the RAID system indistinguishable from any otherNAIS device and eliminates the need for devices using the RAID systemfrom having to utilize broadcast addresses. In such an instance thecontroller may simply translate the SID of incoming packets into abroadcast IP address and LBA for use on the internal network. Referringto FIG. 34, a RAID system 3401 comprises network 3410, NAIS storagedevices 3421-3423, and controller 3430 coupled to a network 3440 and tonetwork 3410. NAIS storage devices 3421-3423 have the preferredcharacteristics of NAIS storage devices described above.

Example Personal Computer Storage

Referring to FIG. 35, a system comprising network 3510, personalcomputers 3521 and 3522, DHCP server/NAT Bridge 3540, and NAIS storagedevice 3550 is shown. NAIS 3550 obtains LP addresses for allocatedstorage areas from DHCP server/NAT Bridge 3540. Personal computers 3521and 3522 obtain storage from NAIS 3550 and otherwise interact with NAISstorage device 3550 using the PSAN protocol. NAIS storage devices 3550has the preferred characteristics of NAIS storage devices describedabove.

Example Digital Still and Video Photography

Referring to FIG. 36 a system comprising network 3610, digital camera3621, video camera 3622, television 3630, DHCP server/NAT Bridge 3640,and NAIS storage device 3650 is shown. Cameras 362 and 3622 obtainstorage from NAIS 3650 and use that storage for storing digital picturesand videos. Television 3630, upon receipt of authorization from cameras3621 and 3622 is able to be used to view the videos and photographscontained in cameras 3621 and 3622 and/or stored on NAIS 3650. NAIS 3650obtains LP addresses for allocated storage areas from DHCP server/NATBridge 3640. NAIS storage devices 3550 has the preferred characteristicsof NAIS storage devices described above. PSAN packets are used by thevaiours devices for communications and data transfer across network3610.

Example Personal Video Recorders and Set Top Boxes

Referring to FIG. 37 a system comprising cable programming network 3710,tuners 3721 and 3722, IP network 3730, NAIS storage devices 3741 and3742, decoders 3751 and 3752, and televisions 3761 and 3762 is shown.NAIS storage devices 3750 has the preferred characteristics of NAISstorage devices described above. Tuners 3721 and 3722 obtain programsbroadcast on cable programming network 3710 and store any suchbroadcasts on NAIS storage devices 3741 and 3742. Decoders 3751 and 3752obtain such stored broadcasts from devices 3741 and/or 3742 and displaythen on televisions 3761 and 3762. PSAN packets are used by the variousdevices for communications and data transfer across network 3710.

Characterization of Embodiments

Table 3 provides alternative and/or additional descriptionscharacterizing alternative embodiments that the inventive subject matterincludes, but is not necessarily limited to. Each description within thetable may be referenced by specifying a set and number such thatdescription A1 is the first description in the A set. Additional detailscan be found in concurrently filed PCT application no. ______, entitled“Data Storage Devices Having IP Capable Partitions” and PCT applicationno. ______, entitled “Electrical Devices With Improved Communication”,the disclosures of which are incorporated herein by reference.

TABLE 3 Embodiment Characterizations Set No. Description A 1 A method oftransferring data to a target device via encapsulated packets whereineach encapsulated packet comprises a data block and an identifier thatmaps the data block to a storage location within a storage area of thetarget device; and wherein the storage area of the target device isidentified by an identifier contained in a header of a packetencapsulating the encapsulated packet. A 2 The method of A1 wherein thesize of the data block of each of the encapsulated packets is equal tothe native block size of the target device. A 3 The method of A1 whereinthe header of the encapsulated packet comprises a command, theidentifier, and a token that is used by the target device to determinewhether to execute the command. A 4 The method of A3 wherein executionof the command causes the target device to replace the contents of thestorage location with the contents of the data block of the encapsulatedpacket. A 5 The method of A4 wherein the token is used to authenticatethe source of the command, and the command is only executed if thestorage area has been allocated to the source of the command. A 6 Themethod of A5 wherein the encapsulated packet comprises a plurality oftokens used to authenticate the source of the command. A 7 The method ofA5 wherein acceptance of a particular token as authenticating the sourceof the command does not depend on prior or later acceptance of othertokens. A 8 The method of A5 wherein the token comprises a value that isat least partially dependent on the MAC address of the source of thecommand. A 9 The method of A5 wherein the target a particular token willonly be accepted once by the target device as authenticating the sourceof the command. A 10 The method of A5 wherein the target device willaccept a plurality of tokens as authenticating the source of thecommand. A 11 The method of A10 wherein the number of tokens the targetdevice will accept as authenticating the source of the command isstatistically insignificant compared to the number tokens that thetarget device will not accept as authenticating the source of thecommand. A 12 The method of A5 wherein the target device maintains acount of commands received from a particular source and stops executingcommands after a certain number of commands have been received. A 13 Themethod of A5 wherein acceptance of a command as being provided by aparticular source depends in part on a calculation involving a keypreviously provided by the source to the target device. A 14 The methodof A5 wherein acceptance of a command as being provided by a particularsource depends in part on a calculation involving a network addressobtained from an encapsulating header. A 15 The method of A5 wherein thetoken is used to authenticate the identifier as well as the source ofthe command. A 16 The method of A5 wherein the token is used toauthenticate a range of identifiers as well as the source of thecommand. A 17 The method of A1 wherein executing the command causes thetarget device to obtain data from a third device that is neither thetarget device nor the source of the command. A 18 The method of A17wherein the source of the command provides a user with a graphicaldisplay providing control and status of transfers between the targetdevice and the third device. A 19 The method of A18 wherein the targetdevice and the third device are separated by a bridge. A 20 The methodof A19 wherein the bridge is a NAT bridge. A 21 The method of 1 whereinthe storage area identifier is also used to route the encapsulatingpacket to the target device. B 1 A method of transferring data to aplurality of target devices via encapsulated packets wherein eachencapsulated packet comprises a data block and an identifier that mapsthe data block to a storage location within a storage area of each ofthe plurality of target devices; and wherein the storage area of each ofthe plurality of target devices is identified by an identifier containedin a header of a packet encapsulating the encapsulated packet. B 2 Themethod of B2 wherein the storage area identifier is also used to routethe encapsulating packet to each of the plurality of target devices. B 3The method of B2 wherein the all of the plurality of target devicesshare a native block size and the size of the data block of each of theencapsulated packets is equal to the native block size of the pluralityof target devices. B 4 The method of B3 wherein the header of eachencapsulated packet comprises a command, the identifier, and a tokenthat is used by each of the plurality of target devices to determinewhether to execute the command. B 5 The method of B4 wherein executionof the command causes each of the plurality of target devices to replacethe contents of the storage location with the contents of the data blockof the encapsulated packet. C 1 A protocol comprising a packet used totransfer data from a first device to a second device, the packetincluding an identifier provided to the first device from the seconddevice, wherein including the identifier in the packet eliminates theneed for the second device to acknowledge receipt of the packet. D 1 Amethod of communicating a block of data to a device for subsequentmanipulation by the device wherein the block of data is divided intosub-blocks and the device manipulates the sub-blocks without firstre-assembling the block. E 1 A method of communicating a block of datato a device for subsequent manipulation by the device wherein the blockof data is divided into sub-blocks and transferred out of order and thedevice manipulates the sub-blocks without first re-ordering the block. F1 A method for a requestor to request data from a storage devicewherein: the data on the storage device is divided into sub-units; therequestor is only able to request a single sub-unit from the storagedevice; the requestor requests a single sub-unit from the storage deviceby providing a number identifying the sub-unit requested to the storagedevice; and the sub-unit is transmitted to the request in a single datapacket. G 1 A method of communicating a block of data to a device forsubsequent manipulation by the device wherein the block of data isdivided into sub-blocks and transferred out of order and the devicemanipulates the sub-blocks without first re-ordering the block. H 1 Astorage device having a media with a plurality of partitions, each ofthe partitions being separately addressed by at least one IP address. H2 A storage system comprising the storage device of H1 wherein at leastone of the plurality of partitions is multicast spanned with anotherstorage device. H 3 A storage system comprising the storage device of H1wherein at least one of the plurality of partitions is proxy spannedwith another storage device. H 4 The storage device of H1 wherein atleast one of the plurality of partitions is proxy spanned with anotherof the plurality of partitions. H 5 The storage device of H1 comprisingat least two different types of storage media. I 1 A storage devicehaving a media with a plurality of partitions, each of the partitionsbeing separately addressed by at least one IP address. I 2 The device ofI1 wherein at least one partition is addressed by at least two IPaddresses. I 3 The device of I2 wherein one of the at least two IPaddresses is a multicast address. I 4 The device of I1 wherein the mediacomprises at least one of fixed, removable, electronic, magnetic,electromechanical, optical, solid state, static, and/or rotating. I 5The device of I1 wherein the device comprises at least one of a floppydisk, hard disk, ram disk, storage arrays, storage network, CD ROMdevices DVD device, magnetic tape device, and flash memory. I 6 Thedevice of I1 wherein the device comprises a plurality of media, each ofthe media comprising a plurality of media partitions, the devicecomprising at least one device partition that comprises a mediapartition from each of at least two media. I 7 The device of I6 whereinthe device partition comprises a plurality of storage blocks, each ofthe blocks being assigned an integer value within a range wherein thevalues of the blocks in a first of plurality of media partitions do notoverlap the values of the blocks in a second of the plurality of mediapartitions. I 8 The device of I1 wherein the device comprises at leasttwo different types of media. I 9 The device of I8 wherein each of theat least two different types of media comprises a plurality ofpartitions, each of the partitions being separately addressed by atleast one IP address. J 1 A system coupled to a network and adapted toexamine packets on the networks to determine if they contain one of atleast two network addresses wherein one of the at least two networkaddresses is associated with a storage area within the system. J 1B Thesystem of Jl wherein the system comprises a plurality of storage areas,a plurality of network interfaces, and a plurality of dynamicallyassigned IP addresses, and the number o assigned IP addresses is equalto or greater than the combined number of storage areas and networkinterface. J 1C The system of J1B wherein system is adapted to requestthe IP addresses from a DHCP server. J 1D The system of J1B wherein thesystem is adapted to provide an identifier other than a MAC address tothe DHCP server when requesting IP addresses. J 2 A system comprising aplurality of NAIS devices wherein at least two of the NAIS devicescomprise storage areas associated with a common multicast IP address. J3 The system of J2 wherein the at least two NAIS devices are storagedevices and one NAIS device mirrors the other NAIS device. J 4 Thesystem of J3 wherein the at least two NAIS devices examine packetsaddressed with the common multicast IP address to determine if anyparticular packet contains an LBA within an assigned range wherein theat least two NAIS devices each have an assigned range which does notoverlap the range of any other NAIS device. K 1 A digital still andvideo photography system comprising at least one NAIS storage device, atleast one digital image capture device, and at least one digital imagedisplay device wherein the NAIS, the display device and capture devicesare separate devices coupled together via an IP network. L 2 The systemof Z1 wherein the NAIS communicates with the display device and thecapture device via the PSAN protocol. M 3 A home entertainment systemcomprising a cable programming network, an IP network, a tuner coupledto both the cable network and the IP network, a NAIS storage devicecoupled to the IP network, a decoder coupled to the IP network, and atelevision coupled to the decoder wherein the tuner is adapted toextract information broadcast on the cable programming network and touse the PSAN protocol to store the extracted information on the NAISstorage device, and the decoder is adapted to obtain information fromthe NAIS storage device using the PSAN protocol, decode it, and transmitthe decoded information to the television.

Thus, specific embodiments and applications of communication methods andprotocols, and devices utilizing external addressing of internal storageareas have been disclosed. It should be apparent, however, to thoseskilled in the art that many more modifications besides those alreadydescribed are possible without departing from the inventive conceptsherein. The inventive subject matter, therefore, is not to be restrictedexcept in the spirit of the appended claims. Moreover, in interpretingboth the specification and the claims, all terms should be interpretedin the broadest possible manner consistent with the context. Inparticular, the terms “comprises” and “comprising” should be interpretedas referring to elements, components, or steps in a non-exclusivemanner, indicating that the referenced elements, components, or stepsmay be present, or utilized, or combined with other elements,components, or steps that are not expressly referenced.

1-18. (canceled)
 19. A method comprising: receiving, at a first storagedevice, a request from a requestor over a network, the requestrequesting an allocation of storage that exceeds an amount ofallocatable storage of the first storage device; allocating a firststorage area on the first storage device and a second storage area on asecond storage device to the requestor based at least in part on therequest; and transmitting, to the requestor, a response that includes anetwork address to facilitate access to the first storage area and thesecond storage area.
 20. The method of claim 19, wherein the request isa first request and said allocating the second storage area comprises:transmitting, to the second storage device, a second request forallocation of storage based at least in part on said receiving of thefirst request.
 21. The method of claim 19, wherein the first storagedevice includes a plurality of storage areas including the storage areaand the network address uniquely identifies the storage area among theplurality of storage areas.
 22. The method of claim 21, wherein thenetwork address is an Internet protocol address.
 23. The method of claim19, wherein the network address is a multicast address associated withboth the first storage area and the second storage area.
 24. The methodof claim 19, wherein the network address is a unicast address associatedwith only the first storage area and the method further comprises:receiving, at the first storage device, a packet from the requestor, thepacket including the network address, a logical block address (LBA) thatcorresponds to the second storage area, and a command; and transmittinganother packet, to the second storage device, to execute the commandwith respect to the LBA.
 25. The method of claim 19, wherein the requestincludes another network address associated with a network interface ofthe first storage device.
 26. The method of claim 19, wherein the firststorage device and the second storage device are peers.
 27. An apparatuscomprising: a network interface; a first storage medium; and acontroller coupled to the network interface and the storage medium andconfigured to receive a request from a requestor via the networkinterface, the request requesting an allocation of storage that exceedsan amount of allocatable storage of the first storage medium; allocate afirst storage area on the first storage medium and a second storage areaon a second storage medium to the requestor based at least in part onthe request; and transmit, to the requestor via the network interface, aresponse that includes a network address to facilitate access to thefirst storage area and the second storage area.
 28. The apparatus ofclaim 27, wherein the request is a first request and the controller isconfigured to allocate the second storage area by being configured totransmit, to the second storage medium, a second request for allocationof storage based at least in part on said receipt of the first request.29. The apparatus of claim 27, wherein the first storage medium includesa plurality of storage areas including the storage area and the networkaddress uniquely identifies the storage area among the plurality ofstorage areas.
 30. The apparatus of claim 29, wherein the networkaddress is an Internet protocol address.
 31. The apparatus of claim 27,wherein the network address is a multicast address associated with boththe first storage area and the second storage area.
 32. The apparatus ofclaim 27, wherein the network address is a unicast address associatedwith only the first storage area and the controller is furtherconfigured to receive, via the network interface, a packet from therequestor, the packet including the network address, a logical blockaddress (LBA) that corresponds to the second storage area, and acommand; and to transmit another packet, to the second storage medium,to execute the command with respect to the LBA.
 33. The apparatus ofclaim 27, wherein the request includes another network addressassociated with the network interface.
 34. The apparatus of claim 27,wherein the apparatus a storage device comprising the second storagemedium are peers.